> -----Original Message----- > From: Goetz Babin-Ebell [mailto:babin-ebell@trustcenter.de] > Sent: Monday, November 10, 2003 11:25 AM > > But wrongly rejecting good input has no security implications. > But wrongly accepting bad input has. Coding to satisfy only security implications, in a vacuum separated from the rest of the world, all the security bugs in the world can be fixed simply by removing all the features. Wrongly rejecting good input has a very strong implication - your program fails to do what it is tasked with. You can call that a security implication, in that security's task is not just to prevent access by the unwashed, but also to allow, provide and facilitate access to those that are approved. If all we are doing is trying to prevent unauthorised access, then all we have to do is turn off, unplug, and shred, our computers. There - security made easy. Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | alun@texis.com. Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
